CVE-2026-24803
Infinite Loop Vulnerability in lede mt7615d Security Module

Publication date: 2026-01-27

Last updated on: 2026-01-27

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C. This issue affects lede: through r25.10.1.
Meta Information
Published: 2026-01-27
Last Modified: 2026-01-27
Generated: 2026-05-07
AI Q&A: 2026-01-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor | Product | Version / Range
coolsnowwolf | lede | to 25.10.1 (exc)
CWE ID | Description
CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an infinite loop issue in the BN_mod_sqrt() function within the coolsnowwolf lede project. Specifically, the function can enter a loop with an unreachable exit condition when processing certain inputs, particularly when the modulus p is non-prime. This causes the calculation to never complete, effectively causing the program to hang or become unresponsive. [1]


How can this vulnerability impact me?

The infinite loop vulnerability can cause the affected system or application to hang or become unresponsive when processing certain inputs. This can lead to denial of service conditions, potentially disrupting normal operations and affecting availability of services relying on the BN_mod_sqrt() function in the coolsnowwolf lede project. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is related to an infinite loop in the BN_mod_sqrt() function when processing certain inputs, specifically with a non-prime modulus p. Detection would involve monitoring for processes or functions that hang or consume excessive CPU time due to this infinite loop. Since the issue is in the coolsnowwolf lede package's mt7615d driver embedded security modules, you can check for the presence of vulnerable versions (through r25.10.1) of the software. Specific commands to detect the vulnerability are not provided in the resources. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to apply the security patch that fixes the infinite loop in the BN_mod_sqrt() function. This patch, originally from OpenSSL addressing CVE-2022-0778, has been merged into the coolsnowwolf/lede repository as of February 17, 2025 (pull request #13346). Updating your system to include this patch or upgrading to a version of lede that includes this fix will mitigate the vulnerability. [1]
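To show what a reachable exit condition looks like in a modular square root, here is an added, simplified Tonelli-Shanks routine on 64-bit integers. It is not the driver's bn_lib code or the upstream patch; the function names and the sample moduli are assumptions made for this illustration.

```c
#include <stdint.h>
/* Moduli are kept below 2^32 so 64-bit products cannot overflow. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a % m) * (b % m) % m; }

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1, b = mulmod(b, b, m))
        if (e & 1) r = mulmod(r, b, m);
    return r;
}

/* Tonelli-Shanks square root of a mod p (hypothetical helper name).
 * Returns 0 with the root in *root, or -1 if a is not a square or p is
 * not an odd prime. Every loop has a reachable exit, even for composite p. */
int mod_sqrt_bounded(uint64_t a, uint64_t p, uint64_t *root) {
    if (p < 3 || (p & 1) == 0 || (p >> 32) != 0) return -1;
    a %= p;
    if (a == 0) { *root = 0; return 0; }
    uint64_t q = p - 1, y = 2;
    unsigned e = 0, i;
    while ((q & 1) == 0) { q >>= 1; e++; }          /* p - 1 = q * 2^e */
    /* Bounded search for a non-residue y (Euler criterion). */
    while (y < p && powmod(y, (p - 1) / 2, p) != p - 1) y++;
    if (y == p) return -1;
    y = powmod(y, q, p);
    uint64_t x = powmod(a, (q + 1) / 2, p), b = powmod(a, q, p);
    while (b != 1) {
        uint64_t t = b;
        /* Find the smallest i, 0 < i < e, with b^(2^i) == 1. */
        for (i = 1; i < e; i++) {
            t = mulmod(t, t, p);
            if (t == 1) break;
        }
        if (i >= e) return -1;   /* none found: not a square, or p not prime */
        t = powmod(y, 1ULL << (e - i - 1), p);
        y = mulmod(t, t, p);
        x = mulmod(x, t, p);
        b = mulmod(b, y, p);
        e = i;                   /* e strictly decreases, so this loop ends */
    }
    *root = x;
    return 0;
}

int main(void) {   /* constructed inputs: prime 13, composite 15 */
    uint64_t r = 0;
    return (mod_sqrt_bounded(10, 13, &r) == 0 && r * r % 13 == 10
            && mod_sqrt_bounded(4, 15, &r) == -1) ? 0 : 1;
}
```

With a composite modulus the routine reports failure instead of spinning, because the inner search is capped at e and e shrinks on every outer round.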

